Informatica: [careers.informatica.com] XSS on "isJTN"

2016-12-10T01:07:44
ID H1:190020
Type hackerone
Reporter modam3rly
Modified 2017-04-07T16:29:46

Description

hi , i found XSS bug on parameter "isJTN=" at careers.informatica.com give you ability to run java script code tested on firefox 50.0.2 also on old version of google chrome in the last version , but if try this bug in chrome last version you will got a source code displayed on page with out run cuz security protected stop XSS code

  • POC

used payload : </ScrIpt><SCRIPT>+alert("X");</SCRIPT>

https://careers.informatica.com/apply?applySource=Quick%20Apply&isJTN=</ScrIpt><SCRIPT>+alert("X");</SCRIPT>true&isQuickApply=false

are this eligible for swag !? cheer